[haiku-development] Re: Design for signed packages

  • From: Matthew Getch <getchmatthew@xxxxxxxxx>
  • To: haiku-development@xxxxxxxxxxxxx
  • Date: Fri, 28 Mar 2014 12:46:58 -0400

I feel I should introduce myself before I actually make a comment on the
matter, my name is Matthew and I'm a GSoC applicant who is relatively new
to Haiku.

I've been following the conversation for the last few days and feel that
it's premature to introduce signed packaging into Haiku. In particular,
the open source schema seems to almost reject the idea of any centralized
control over the source code; this modularity is one of the real powers of
open source projects and part of what makes Haiku so powerful. This
modularity must be brought to a certain point before it can resemble being
centralized; Haiku is close, but I would argue isn't cohesive enough to
truly capture this unification.

That being said, signed packages help ensure a level of authenticity for
those who are casually exploring Haiku and want to ensure they're getting
the best Haiku has to offer. That being said, I don't believe that Haiku has
the ability to validate this user experience to the degree that those
looking for signed packages would want, so it comes down to a security
issue. Because of the current stage of the project and the direction that
Haiku is going ("Haiku is a fast, efficient, simple to use, easy to
learn...") security on this level shouldn't be addressed until we've met
all of these design goals.

Apologies if some of this stuff has been said before,
Matthew Getch


On Fri, Mar 28, 2014 at 10:46 AM, Stephan Aßmus <superstippi@xxxxxx> wrote:

> On 28.03.2014 15:28, Jonathan Schleifer wrote:
>
>> On 28.03.2014 at 04:00, waddlesplash <ajcsweb@xxxxxxxxx> wrote:
>>
>>> Let me be frank here: I am not opposed to signed packages. I am
>>> opposed to too much paranoia. Simple signed packages, as in "I
>>> guarantee this is in the state X Corp created it in" and not
>>> "Haiku, Inc tested this and verified that it both comes from X Corp
>>> and is virus-free." The first is good, the second is paranoia IMO.
>>>
>>
>> Actually, that's exactly what I said. I proposed to not sign it by
>> Haiku, Ingo proposed to be able to sign keys with other keys, e.g.
>> with a Haiku Inc. Key. The latter means Haiku would need to verify it
>> - which it can't.
>>
>
> It can't verify that the software contains no viruses or backdoors. That's
> not what this is about however, it's about verifying the authenticity of the
> entity requesting a certificate. Which Haiku Inc. may be able to do on a
> case by case basis. It would be in addition to other trusted certificate
> authorities installed on the system. That was the whole point of the
> argument about which certificate format to go with. To enable that feature.
>
> As an aside, have you ever gone through the process of obtaining a
> certificate for signing Windows software? From COMODO for example? Or to
> register an Apple ID and obtain a certificate? I am pretty sure that Haiku
> Inc. would have no problem doing the same level of verification.
>
> But maybe I am misunderstanding you, since in your other mail you seem to
> fully agree.
>
> Best regards,
> -Stephan
>
>
>
